Ticket #7655 (new enhancement)

Opened 6 years ago

Last modified 6 years ago

BIND is a big memory hog, complex - replace with dnsmasq, djbdns

Reported by: martinlanghoff
Owned by: martin.langhoff
Priority: normal
Milestone: Future Release
Component: school server
Version: not specified
Keywords: fedoradev
Cc: jerub
Action Needed: never set
Verified: no
Deployments affected:
Blocked By:
Blocking:

Description

BIND is overkill for our purposes. At the current time, it sits on 26MB RAM just to serve 6 domain names we host, and act as a resolving nameserver.

Additionally, it is not a daemon known for security or resiliency.

Task: check the viability of replacing BIND+DHCPd with dnsmasq. If dnsmasq is not as good as expected, we can settle with replacing just BIND with djbdns. Thankfully djbdns now has a more sensible license.

Change History

Changed 6 years ago by martin.langhoff

  • keywords fedoradev added

Changed 6 years ago by jerub

  • cc jerub added

As an addendum to this ticket, BIND is currently configured on the school server to ONLY use a source port of '53' for all DNS requests. This is a security problem, and can result in exceptionally easy cache poisoning.
